Microsoft Windows 11 Build 26200 File Explorer Auditor
This Metasploit module provides a defensive pre-execution assessment for the Windows vulnerability where File Explorer fails to properly restrict access to sensitive system locations...
PT-2025-18159
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 138; Thunderbird versions prior to 138. Description: A vulnerability existed in Firefox for Android where potentially sensitive library locations were logged via Logcat. Recommendations: For Firefox versions prior to 138,...
GHSA-79W7-VH3H-8G4J yt-dlp File system modification and RCE through improper file-extension sanitization
Summary: yt-dlp does not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp also reads config from the working directory and on Windows executables will be executed from the yt-dlp...
CVE-2024-38519 yt-dlp and youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization
yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...
CVE-2024-38519
yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...
PT-2024-20473 · Allegro AI · ClearML
Name of the Vulnerable Software and Affected Versions: Allegro AI's ClearML platform versions 1.4.0 through 1.14.1 Description: A path traversal vulnerability in the client SDK of Allegro AI's ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary...
FTC Bans Outlogic (X-Mode) From Selling Sensitive Location Data
The U.S. Federal Trade Commission (FTC) on Tuesday prohibited data broker Outlogic, which was previously known as X-Mode Social, from sharing or selling any sensitive location data with third parties. The ban is part of a settlement over allegations that the company "sold precise location data that...
Data broker sued for allegedly selling individuals' sensitive location data
The Federal Trade Commission (FTC) has sued data broker Kochava for allegedly selling information that would allow for individuals' whereabouts to be traced to sensitive locations. The information included location data from hundreds of millions of phones, including sensitive locations that could be...
FTC Sues Data Broker
This is good news: The Federal Trade Commission (FTC) has sued Kochava, a large location data provider, for allegedly selling data that the FTC says can track people at reproductive health clinics and places of worship, according to an announcement from the agency. "Defendants' violations are in...
AIX 3.x/4.x / Windows 95/98/2000/NT 4.0 / SunOS 5 - 'gethostbyname()' Remote Buffer Overflow
source: https://www.securityfocus.com/bid/6853/info A vulnerability has been discovered in multiple vendor implementations of the 'gethostbyname' library function, which is used to resolve network addresses. The 'gethostbyname' function fails to implement sufficient bounds checking on data copied...